mirror of
https://github.com/hedgedoc/hedgedoc.git
synced 2024-11-22 09:46:30 -05:00
b506db11a0
Signed-off-by: David Mehren <git@herrmehren.de>
32 lines
1.4 KiB
Markdown
32 lines
1.4 KiB
Markdown
# Security Policy
|
|
|
|
## Supported Versions
|
|
|
|
Only the latest release of HedgeDoc is supported. We don't have the
|
|
ressources to maintain multiple versions.
|
|
|
|
## Reporting a Vulnerability
|
|
|
|
If you find a vulnerability for [this repository](https://github.com/hedgedoc/hedgedoc), please report it to
|
|
[@SISheogorath](https://github.com/SISheogorath).
|
|
|
|
Please report your findings OpenPGP encrypted. If you are not aware of
|
|
how to use OpenPGP, please refer to [@SISheogorath's OpenPGP page](https://shivering-isles.com/pgpme),
|
|
which will take care of the encryption for you.
|
|
|
|
We'll get back to you as soon as possible. You can expect an answer within
|
|
3 days, in rare cases within a month. If you don't get a reply within a month,
|
|
please reach out for other contact addresses in the [community chat](https://chat.hedgedoc.org).
|
|
|
|
When your findings are accepted as a security issue, we'll work an a fix or
|
|
at least a workaround for the next release. With the release that contained
|
|
the fix, we want to encurage you to publish your findings as you like.
|
|
|
|
We'll also credit you in the release notes.
|
|
|
|
When your findings are not accepted as a security issue, feel free to write
|
|
a fix yourself and contribute it to HedgeDoc, as well as publish them as you
|
|
like and allow people to make in informed decision about using HedgeDoc.
|
|
|
|
If you have any further questions, feel free to reach out to the
|
|
[community chat](https://chat.hedgedoc.org) or the mentioned contacts above.
|